PRODAFT CATALYST Explore CATALYST by PRODAFT, a cyber threat intelligence platform for tracking threat actors, analyzing cybercrime activity, and delivering real-time, actionable security insights. Turn intelligence into action—and stay ahead of evolving threats. #Cybersecurity #ThreatIntel #CyberResilience #VistemElevate catalyst.prodaft.com/public/…

Intel Report [CRITICAL] - The Gentlemen ransomware operation, tracked as Phantom Mantis by PRODAFT and Storm-2697 by Microsoft, has rapidly evolved from a RaaS affiliate into an independent and highly capable ransomware partnership program. Led by... enigma-global.com/og/report/…

🕵️‍♂️ سقوط قناع "The Gentlemen" الملف الاستخباراتي والتكتيك التقني لأخطر عصابات الفدية المدعومة بالذكاء الاصطناعي 🧬🔒 كشف تقرير مؤسسة PRODAFT عن الهوية الحقيقية لقائد المجموعة وهو الروسي "ألكسندر ياباييف" (المعروف بـ LARVA-368) المجموعة بدأت كشريك لعصابات عملاقة مثل LockBit و Qilin قبل أن تنفصل وتتحول لبرنامج مستقل ومكتفٍ ذاتياً ⚙️ التكتيك التقني المرعب والآثار : 🧠 الذكاء الاصطناعي : تعتمد المجموعة بشكل ضخم على الـ AI لتطوير وصيانة برمجيات التشفير وأتمتة الاختراق 🧬 دودة ذاتية الانتشار : البرمجية مكتوبة بلغة Go، وبمجرد تفعيل أمر ⁠--spread⁠ تتحول إلى دودة تشفر كل نظام متاح على الشبكة تلقائياً مع خيار ⁠--wipe⁠ لحذف أي ملف قابل للاسترداد 🚪 الوصول الأولي : استغلال الأجهزة المواجهة للإنترنت (مثل جدران حماية Cisco و Fortinet) مع تكتيك الابتزاز متعدد القنوات (تشفير،إيميلات، وضغط عبر الهاتف) 💡 الخلاصة : المجموعة تستحوذ حالياً على 10% من إجمالي عمليات برامج الفدية عالمياً وتستهدف بشكل خاص بيئات VMware و Active Directory عبر نموذج تقاسم أرباح عدواني (90% للشركاء) لجذب محترفي الاختراق 🔒📉 #الأمن_السيبراني #TheGentlemen #Cybersecurity

🚨 PHANTOM MANTIS (a.k.a. The Gentlemen): They only hold the door open to exfiltrate your data. Meet Phantom Mantis, the ransomware crew that went from total unknown to one of the most prolific operations. 💀 🔥 HUNDREDS of victims on their leak site 🌍 Confirmed hits across 20 countries 📈 Explosive growth that nobody saw coming We are tearing the operation wide open.🕵️ 🔴 TLP:RED version: the full deep-dive: affiliate intel, victimology, the usual PRODAFT stuff. ⚪ TLP:CLEAR: Open to everyone, right here: 👉 catalyst.prodaft.com/public/… #TheGentlemen

Wake up. An email from a vendor recently argued that a SQL injection vulnerability in their database backup CLI was merely "informational" because: "If an attacker can create a table with a malicious name, they already have access." The response also stated: "We do not consider the CLI to be suitable for machine usage and do not use it for internal workflows." There are two fundamental problems with this reasoning. First, the threat model assumes only the workflows the vendor personally envisions. There are SaaS n-tier designs where users actually create datasets, workspaces, projects, import jobs, tenant-specific resources, temporary analysis tables, plugin-defined objects, and many other entities that eventually become database object names. User-controlled object names are not an edge case. Second, the threat model ignores how customers actually operate systems. DevOps teams use CLI tools for automation every day. Backups, restores, migrations, exports, CI/CD jobs, disaster recovery procedures, and offsite archival processes are frequently driven by platform CLIs. Whether the vendor uses the CLI internally is largely irrelevant. Customers do. The security question is not whether an attacker can create a table. The security question is whether attacker-controlled metadata can be processed later by a different trust boundary: an administrator, a service account, a backup pipeline, a CI runner, or an automated operational workflow. As a platform provider, your threat model cannot stop at your own assumptions about how customers should use your product. (Oh by the way, yes we have these both use-cases at PRODAFT :)

Conclusion 25/25 Subtle Snail exemplifies the subtle, persistent nature of cyber operations that continue alongside more visible conflicts. By shining a light on these activities, we gain a fuller picture of global strategic dynamics. Stay informed, remain cautious online, and recognise that much of today’s power plays happen quietly in the digital shadows. For an in depth report on this check out @PRODAFT and the link below catalyst.prodaft.com/public/…

LOL. He is a manager at prodaft, so he should have more confidence than you. Actually, all skids have the confidence to say that, just like you

secp0 Ransomware has allegedly breached IT and cybersecurity firm Terralogic or rehashing last years breach New URLs /secp0-news[.]ws /secp0-leaks[.]com /secp0-support[.]cfd cc @PRODAFT

@FalconFeedsio @DarkWebInformer @AlvieriD @aejleslie @vxunderground @vxdb @campuscodi @BleepinComputer @Reuters @LawrenceAbrams @g0njxa @RussianPanda9xx @fastfire @H4ckManac @SOSIntel @banthisguy9349 @Threatlabz @PRODAFT @ValeryMarchive @AShukuhi @ddd1ms @3xp0rtblog @Jon__DiMaggio @SttyK @jamieantisocial @UK_Daniel_Card @EvilRabbitSec @Cyber_0leg @GangExposed @bellingcat @Ransom_DB @azalsecurity @joetidy @WhichbufferArda @malwrhunterteam @cyberfeeddigest @H4ckmanac @ransomnews @fbgwls245

Ahummmm worth the reading 🤔

@FalconFeedsio @DarkWebInformer @AlvieriD @aejleslie @vxunderground @vxdb @campuscodi @BleepinComputer @Reuters @LawrenceAbrams @g0njxa @RussianPanda9xx @fastfire @H4ckManac @SOSIntel @banthisguy9349 @Threatlabz @PRODAFT @ValeryMarchive @AShukuhi @ddd1ms @3xp0rtblog @Jon__DiMaggio @SttyK @jamieantisocial @UK_Daniel_Card @EvilRabbitSec @Cyber_0leg @GangExposed @bellingcat @Ransom_DB @azalsecurity @joetidy @WhichbufferArda @malwrhunterteam @cyberfeeddigest @H4ckmanac @ransomnews @fbgwls245

> phish blackhats on cybercrime forums for account takeover > sell compromised forum accounts to prodaft for profit > only get swatted twice > profit?

nice honeypot @PRODAFT

Most obvious ProDaft honeypot 😂

Blue on blue all day long. Glad not to be there 😂😂😂